Sophos Firewall

Discussions IPSEC Site to site no ping on one way

Sophos Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 7 replies
Subscribers 27 subscribers
Views 16140 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSEC Site to site no ping on one way

thomas chevalier over 7 years ago

hello,

i am working on connecting my two main company sites.

But i'm starting to have no idea, i would like to get some help :)

Site A with a cyberoam CR35wiNG and site B with a Sophos XG125W.

I have successfully create an IPsec tunnel between A and B.

So far, i can ping and access without trouble to site B from site A.

but, from site B, i am not able to ping site A.

There are the same Firewall rule on both side.

i likely missed somethnig easy, but i don't see....

Thanks for your help,

Best regards,

This thread was automatically locked due to age.

Parents

0 Guilherme Figueiredo over 7 years ago

Hello Thomas how are you?

Do you check the rules?, try the command tracert.
Cancel
Vote Up 0 Vote Down

Cancel
0 thomas chevalier over 7 years ago in reply to Guilherme Figueiredo

Thanks for your answer :)

I am playing with the firewall rules since yesterday. but so far, i am still not able to ping.

So i let the rule like the site A.

When i try the tracert, i am stuck at the internal LAN Gateway (that's weird, cause yesterday, i was stuck at the internal WAN Gateway)

If you have any idea for the diagnostique :)

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 Guilherme Figueiredo over 7 years ago in reply to thomas chevalier

do you try ping and tracert from the firewall site B?

Firewall Site B --> GW Site A.

Firewall Site B --> Lan Site A.
Cancel
Vote Up 0 Vote Down

Cancel
0 thomas chevalier over 7 years ago in reply to Guilherme Figueiredo

I am actually connected on remote to the server that is on the LAN on site B.

From there, i try to ping the server in Site A.

To give you an idea :

site B = LAN (10.0.100.X) - gateway LAN (10.0.100.1) - gateway WAN (192.168.1.1) - modem router with optic fiber

site A = LAN (192.168.0.X) - gateway LAN (192.168.0.1) - gateway WAN (192.168.1.1) - moden router with optic fiber

Now, from site A when i try Tracert outside of my internal network (GW site A or LAN Site A) , i am stuck at 10.0.100.1
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 thomas chevalier over 7 years ago in reply to Guilherme Figueiredo

I am actually connected on remote to the server that is on the LAN on site B.

From there, i try to ping the server in Site A.

To give you an idea :

site B = LAN (10.0.100.X) - gateway LAN (10.0.100.1) - gateway WAN (192.168.1.1) - modem router with optic fiber

site A = LAN (192.168.0.X) - gateway LAN (192.168.0.1) - gateway WAN (192.168.1.1) - moden router with optic fiber

Now, from site A when i try Tracert outside of my internal network (GW site A or LAN Site A) , i am stuck at 10.0.100.1
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 thomas chevalier over 7 years ago in reply to thomas chevalier

If it could help, and be more clear :

i am on the site A (192.168.0.X), connected by RDP using the VPN site to site, to the server in Site B (10.0.100.X)

So, it works well, but only from one side
Cancel
Vote Up 0 Vote Down

Cancel
0 Guilherme Figueiredo over 7 years ago in reply to thomas chevalier

alright, I understand your question, but the rule for VPN access and any for services it's ok.

The ISP on the Sites are the same.

I say this because i had this same problem but was Rule on firewal.
Cancel
Vote Up 0 Vote Down

Cancel
0 thomas chevalier over 7 years ago in reply to thomas chevalier

Thanks a lot for your help.

i fixed the issue. (that was a weird in fact).

Since yesterday, i was modifying the rule, instead of delete and create a new one.

So, i create a new Firewall rule, with only the server address as host, and by miracle it works....

Thanks,

Best regards,
Cancel
Vote Up 0 Vote Down

Cancel